
Antivirus-armature.com

Posted: April 8, 2010

Antivirus-armature.com is another browser hijacker involved in the Antivirus Suite cyberscam. Antivirus-armature.com presents itself as a system scan webpage that produces bogus results claiming the system is infected. Users are then bombarded with popup warnings claiming that only Antivirus Suite can remove the alleged threats. Remove the threats related to this blatant scam.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]ftav.exe
    2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe
    3 %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[random string].exe"

One Comment

  • Kumar says:

    Guys,

    Antivirus-armature.com Manual Removal Instructions worked for me and successfully removed the _______ virus.

    Go to the following site and follow the steps carefully. REGISTRY values need to be deleted with a bit of care; double check the REGISTRY path when you guys delete the REGISTRY values.

    http://www.spywareremove.com/removeAntivirusarmaturecom.html

    Hope the s/w from this website will also be useful, but try the manual steps; hopefully 99% you will succeed. So keep cool when you guys get this ______ error and go step by step to get rid of this F_________..!!

    good luck!!!

    Kumar
